SSL Report:
democita.klgates.com
(205.149.23.205)
Assessed on: Fri, 21 Nov 2025 21:18:40 UTC
| Clear cache
Summary
If trust issues are ignored: B
0
20
40
60
80
100
Certificate
Protocol Support
Key Exchange
Cipher Strength
Visit our documentation page
for more information, configuration guides, and books. Known issues are documented
here.
This server's certificate is not trusted, see below for details.
This server does not support Forward Secrecy with the reference browsers.
Grade capped to B.
MORE INFO »
This server does not support TLS 1.3. MORE INFO »
DNS Certification Authority Authorization (CAA) Policy found for this domain.
MORE INFO »
Certificate #1: RSA 2048 bits (1.2.840.113549.1.1.10)
|
Server Key and Certificate #1
|
|
| Subject |
democita.klgates.com
Fingerprint SHA256: f88dd42d810cf08a713b857496ea44becd431fc9a750061158aeb794249ae313 Pin SHA256: yq/g95MqfP5KgFkvJHgiXFDloCn0cEklS820oC75NaU= |
| Common names | democita.klgates.com |
| Alternative names | democita.klgates.com DemoCita.klgates.com www.democita.klgates.com |
| Serial Number | 1b0000035664494f3a246d8bda000000000356 |
| Valid from | Mon, 03 Nov 2025 19:30:35 UTC |
| Valid until | Sat, 05 Dec 2026 19:30:35 UTC (expires in 1 year) |
| Key | RSA 2048 bits (e 65537) |
| Weak key (Debian) | No |
| Issuer | KL Gates CA Services 2019
AIA: ldap:///CN=KL%20Gates%20CA%20Services%202019,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=kldomain,DC=com?cACertificate?base?objectClass=certificationAuthority AIA: http://crl.kldomain.com/CertEnroll/Sub01/PUSWCASUB01.kldomain.com_KL%20Gates%20CA%20Services%202019.crt |
| Signature algorithm | 1.2.840.113549.1.1.10 |
| Extended Validation | No |
| Certificate Transparency | No |
| OCSP Must Staple | No |
| Revocation information |
CRL CRL: http://crl.kldomain.com/CertEnroll/Sub01/KL%20Gates%20CA%20Services%202019.crl |
| Revocation status | Unchecked (only trusted certificates can be checked) |
| DNS CAA | Yes policy host: klgates.com issue: sectigo.com flags:0 issue: letsencrypt.org flags:0 issue: digicert.com flags:0 |
| Trusted | No NOT TRUSTED
(Why?)
Mozilla Apple Android Java Windows |
Certification Paths |
Configuration
| Protocols | |
| TLS 1.3 | No |
| TLS 1.2 | Yes |
| TLS 1.1 | No |
| TLS 1.0 | No |
| SSL 3 | No |
| SSL 2 | No |
| Cipher Suites | ||
|
# TLS 1.2 (suites in server-preferred order)
|
||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
ECDH secp384r1 (eq. 7680 bits RSA) FS
|
256 | |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
ECDH secp384r1 (eq. 7680 bits RSA) FS
|
128 | |
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
WEAK
|
256 | |
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
WEAK
|
128 | |
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
WEAK
|
256 | |
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
WEAK
|
128 | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
ECDH secp384r1 (eq. 7680 bits RSA) FS
WEAK
|
256 | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
ECDH secp384r1 (eq. 7680 bits RSA) FS
WEAK
|
128 | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
ECDH secp384r1 (eq. 7680 bits RSA) FS
WEAK
|
256 | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
ECDH secp384r1 (eq. 7680 bits RSA) FS
WEAK< | ||